You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Tojan Horse Seen By Norton Unable To Remove

I have a trojan horse warning pop up whenever I surf the web and Norton can not remove the file. Whenever I get that I do a system restore to an earlier date, but occasionally it still pops up every so often again while surfing. Please help me remove this trojan if it's seen in my Hijack This log seen below. I'm not sure how serious this trojan is, but I would like it to be removed without doing a fresh reinstall. Please help thanks. Norton usually finds the file in my content.ie5 temporary folder and says it's unable to remove it.

Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

Viewpoint Viewpoint Manager Viewpoint Media Player

If you uninstalled, please navigate to and delete the following folders C:\Program Files\Viewpoint

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with the fixes. So please disable TeaTimer by doing the following:1) Run Spybot-S&D2) Go to the Mode menu, and make sure "Advanced Mode" is selected3) On the left hand side, choose Tools -> Resident4) Uncheck "Resident TeaTimer" and OK any prompts

Double Click mbam-setup.exe to install the application.Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.If an update is found, it will download and install the latest version.Once the program has loaded, select "Perform Quick Scan", then click Scan.The scan may take some time to finish, so please be patient.When the scan is complete, click OK, then Show Results to view the results.Make sure that everything is checked, and click Remove Selected.When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Copy and Paste the entire Malwarebytes' Anti-Malware report in your next reply along with a fresh HijackThis log.

Extra Note:If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediatly.

If you encounter this message:"c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll

I see you have been visiting some sites with illegal contents, it is how your computer got infected. Do not visit any sites of this sort any more, do not download cracks keygens and similar, or your computer will get infected again, and who knows next time you might end up with only choice for reformatting.

And it is not just the reformatting problem, but also all those backdoors that are already installed on the computer and other spywares that will steal your personal info and banking details.

Now thats a problem, anyone that would have access to your computer (and that is what backdoors do, give access to other people to your computer) can sell your personal info and if you do any banking online, they will also steal your credit card numbers online banking accounts etc. and that is not all, they can also use your computer for ddos attacks and similar.

Ask your self, is it really worth downloading keygens and visiting this kind of sites?

We need to execute an OTMoveIt3 script

Please download OTMoveIt3 by OldTimer and save it to your desktop.Double click the icon on your desktop to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

Copy the lines in the code box below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): Do not include the word "Code".

Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.Close OTMoveIt3

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select AllClick the Empty Selected button.If you use Firefox browserClick Firefox at the top and choose: Select AllClick the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.If you use Opera browserClick Opera at the top and choose: Select AllClick the Empty Selected button. NOTE: If you would like to keep your saved passwords, please click No at the prompt.Click Exit on the Main menu to close the program. For Technical Support, double-click the e-mail address located at the bottom of each menu.

Open OTMoveI3 and click the CleanUp! button on top. In the left pane, it will display a list of tools and other related files which you may have downloaded/used during our cleanup + backup folders that were created with the bad files present. They are not needed anymore, so OtMoveIt will delete them. Do not edit anything in that Window!Don't worry if it displays some tools you didn't download/use. Click Yes when it asks to Begin cleanup process. Then reboot your computer.

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact me or a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.
If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

If I've saved you time & money, please make a donation so I can keep helping people just like you! You can donate using a credit card and PayPal. Thank you!

Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.